4 Replies Latest reply on May 8, 2003 1:44 PM by tschlemmer

    Web/JSP login and JAAS/JBoss

    tschlemmer

      I'm part of a two-person team that is working on doing a web-based administration for our system. I've been working on the CMP/EJB portion of our system and we have a security domain set up for all of our EJBs that we've created.

      I've set up an entry in our login-config.xml file that uses the DatabaseServerLoginModule to obtain password and role information from our DB. I have test code I run with JUnit and I'm able to log in to our security domain and access session and entity beans within our defined security domain without any problems.

      Where we're having a problem is with the guy working on the web front-end. We've got our security domain defined in our jboss-web.xml file, but if we try a simple JSP page that creates a LoginContext and attempts to access any method on an EJB within our security domain, we get a failure with an "insufficient method permissions, principal = null...." error message.

      I've tested "breaking" the defined "principalsQuery" SQL statement and I get an SQL error when I access the test JSP page so I know it's going through our database login but we still don't seem to get a role assigned when a login is done through a JSP page.

      Can anyone point me in the right direction? We have purchased all of the JBoss documentation and it was very helpful to me in getting our database login and security-domain stuff set up.

      I'm not much of a web programmer and have mainly been working on backend portions of the system like the EJBs and database so I'm not sure where to start looking. Our web guy out of frustration has dumped this all on me now so I'm in panic mode at this point since we have a critical deadline coming up.

      Any help is most appreciated.

      Anthony

        • 1. Re: Web/JSP login and JAAS/JBoss

          Check your config with
          jmx-console

          The principal will be null unless the jsp page
          is restricted.

          Regards,
          Adrian

          • 2. Re: Web/JSP login and JAAS/JBoss

            ... and do not perform a login on the LoginContext in the jsp page, but let jboss (/servlet-engine) handle this for you (by making the jsp pages secured, as Adrian suggested).
            You can achieve this by setting up a secured web-collection in the web.xml.

            hth
            peter.
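
The container-managed setup that replies 1 and 2 describe, as an added example that is not part of the original thread: a `web.xml` that restricts the admin JSPs so the servlet container performs the login against the security domain already named in `jboss-web.xml`. The URL pattern, role name, and login page paths are hypothetical; the role name has to match a role returned by the login module's roles query.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

  <!-- Restrict the admin pages. A request for a restricted page makes the
       container authenticate the caller, so the JSP itself never creates
       a LoginContext. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration pages</web-resource-name>
      <!-- Hypothetical path: cover every JSP that calls a secured EJB. -->
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Hypothetical role: must be one the database roles query returns. -->
      <role-name>AdminRole</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- How the container collects credentials. With FORM, the login page
       posts j_username and j_password to j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Hypothetical pages: keep them outside the restricted pattern. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role referenced in an auth-constraint is declared here. -->
  <security-role>
    <role-name>AdminRole</role-name>
  </security-role>

</web-app>
```

Pages left outside the `url-pattern` stay unauthenticated, which is the case reply 1 points out: EJB calls made from them see a null principal.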

            • 3. Re: Web/JSP login and JAAS/JBoss
              tschlemmer

              Someone else in another list suggested I also include the ClientLoginModule along with the DatabaseServerLogin module in our application-policy definition in the login-config.xml file so I added the following:

              <login-module
              code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              </login-module>

              It appears that the ClientLoginModule adds the necessary "glue" that allows a non-null principal to be used when method calls are made from the Servlet container into the EJB container.

              I don't know if this is a satisfactory solution or not but it does work.

              Anthony
